SQL injection vulnerability in lpro.php in Free Links Directory Script (FLDS) 1.2a allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in authors.asp in gNews Publisher allows remote attackers to execute arbitrary SQL commands via the authorID parameter.
SQL injection vulnerability in index.php in Nodstrum MySQL Calendar 1.1 and 1.2 allows remote attackers to execute arbitrary SQL commands via the username parameter.
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_sub_category.
SQL injection vulnerability in service/profil.php in ClanLite 2.2006.05.20 allows remote attackers to execute arbitrary SQL commands via the link parameter.
SQL injection vulnerability in start.asp in Active eWebquiz 8.0 allows remote attackers to execute arbitrary SQL commands via the (1) useremail parameter (aka username field) or the (2) password parameter. NOTE: some of these details are obtained from third party information.
Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=invoice/view_invoice&id=.
SQL injection vulnerability in account.asp in Active Force Matrix 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in drinks/drink.php in Drinks Complete Website 2.1.0 allows remote attackers to execute arbitrary SQL commands via the drinkid parameter.
SQL injection vulnerability in Acomment.php in phpAlumni allows remote attackers to execute arbitrary SQL commands via the id parameter.
In Covid 19 Travel Pass Management 1.0, the code parameter is vulnerable to SQL injection attacks.
Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/clientStatus.php?client_id=.
SQL injection vulnerability in IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
SQL injection vulnerability in BibORB 1.3.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password.
SQL injection vulnerability in adminlogin.asp in XTREME ASP Photo Gallery 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
SQL injection vulnerability in index.php in CatBot 0.4.2 allows remote attackers to execute arbitrary SQL commands via the lastcatbot parameter.
SQL injection vulnerability in siteadmin/loginsucess.php in Pre Simple CMS allows remote attackers to execute arbitrary SQL commands via the user parameter, as reachable from siteadmin/adminlogin.php. NOTE: some of these details are obtained from third party information.
NETGEAR ProSafe SSL VPN firmware FVS336Gv2 and FVS336Gv3 was discovered to contain a SQL injection vulnerability via USERDBDomains.Domainname at cgi-bin/platform.cgi.
Multiple SQL injection vulnerabilities in FancyFon FAMOC before 3.17.4 allow (1) remote attackers to execute arbitrary SQL commands via the device ID REST parameter (PATH_INFO) to /ajax.php or (2) remote authenticated users to execute arbitrary SQL commands via the order parameter to index.php.
Multiple SQL injection vulnerabilities in Active Price Comparison 4 allow remote attackers to execute arbitrary SQL commands via the (1) ProductID parameter to reviews.aspx or the (2) linkid parameter to links.asp.
SQL injection vulnerability in redir.php in Free Links Directory Script (FLDS) 1.2a allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in index.php in AlstraSoft Web Email Script Enterprise (ESE) allows remote attackers to execute arbitrary SQL commands via the id parameter in a directory action.
SQL injection vulnerability in media/media_level.asp in ASP Template Creature allows remote attackers to execute arbitrary SQL commands via the mcatid parameter.
SQL injection vulnerability in index.php in PHPStore Yahoo Answers allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in comments.php in WSN Links 2.20 allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in default.asp in ASP-DEv XM Events Diary allows remote attackers to execute arbitrary SQL commands the cat parameter.
Multiple SQL injection vulnerabilities in PHP Pro Bid (PPB) 6.04 allow remote attackers to execute arbitrary SQL commands via the (1) order_field and (2) order_type parameters to categories.php and unspecified other components. NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in locator.php in the Userlocator module 3.0 for Woltlab Burning Board (wBB) allows remote attackers to execute arbitrary SQL commands via the y parameter in a get_user action.
SQL injection vulnerability in bannerclick.php in ZeeMatri 3.0 allows remote attackers to execute arbitrary SQL commands via the adid parameter.
SQL injection vulnerability in login.asp in Dvbbs 8.2.0 allows remote attackers to execute arbitrary SQL commands via the username parameter.
SQL injection vulnerability in index.php in Domain Seller Pro 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in sendcard.cfm in PostEcards allows remote attackers to execute arbitrary SQL commands via the cid parameter.
SQL injection vulnerability in joke.php in Jokes Complete Website 2.1.3 allows remote attackers to execute arbitrary SQL commands via the jokeid parameter.
SQL injection vulnerability in category_list.php in AJ Square ZeusCart 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter.
Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/categories/manage_category.php?id=.
SQL injection vulnerability in film.asp in Yigit Aybuga Dizi Portali allows remote attackers to execute arbitrary SQL commands via the film parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and possibly other versions before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the ID_MEMBER parameter to the (1) recentTopics and (2) welcome functions.
Multiple SQL injection vulnerabilities in eTicket 1.5.7 allow remote attackers to execute arbitrary SQL commands via the pri parameter to (1) index.php, (2) open.php, (3) open_raw.php, and (4) newticket.php.
Multiple SQL injection vulnerabilities in Ocean12 Mailing List Manager Gold allow remote attackers to execute arbitrary SQL commands via the Email parameter to (1) default.asp and (2) s_edit.asp.
SQL injection vulnerability in click.php in Adult Banner Exchange Website allows remote attackers to execute arbitrary SQL commands via the targetid parameter.
Pharmacy Sales And Inventory System v1.0 is vulnerable to SQL Injection via /pharmacy-sales-and-inventory-system/manage_user.php?id=.
SQL injection vulnerability in index.php in SG Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the page_id parameter.
SQL injection vulnerability in thread.php in stormBoards 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
A vulnerability was determined in itsourcecode Vehicle Management System 1.0. Affected is an unknown function of the file /billaction.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
SQL injection vulnerability in plugins/bookmarker/bookmarker_backend.php in MyioSoft EasyBookMarker 4.0 allows remote attackers to execute arbitrary SQL commands via the Parent parameter.
Multiple SQL injection vulnerabilities in iGaming 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the browse parameter to (1) previews.php and (2) reviews.php, and the (3) id parameter to index.php in a viewarticle action.
SQL injection vulnerability in report.php in Free Links Directory Script (FLDS) 1.2a allows remote attackers to execute arbitrary SQL commands via the linkid parameter.
SQL injection vulnerability in public/code/cp_polls_results.php in All In One Control Panel (AIOCP) 1.4 allows remote attackers to execute arbitrary SQL commands via the poll_id parameter.
SQL injection vulnerability in index.php in AmpJuke 0.7.5 allows remote attackers to execute arbitrary SQL commands via the special parameter in a performerid action.
SQL injection vulnerability in the Content Rating Extbase extension 2.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.